Post navigation

SharePoint 2013 and X-FRAME-OPTIONS: SAMEORIGIN

I’ve got a few lightboxes in my SharePoint 2013 Web Application, and one of the pages I need to launch in a lightbox iframe contains Plupload. When I clicked on the link to launch the lightbox, nothing appeared in Chrome and I got an error message in Internet Explorer. Apparently it’s due to a security feature to combat clickjacking.

I tried to fix the issue by using meta tags and also amending the response headers in IIS, but neither appeared to work. What did work was the Ventigrate Permissive XFrame Header, but rather than include this plugin I just included the class in my project and it worked like a charm. So….

Use the following class, remembering to specify the correct namespace for your project:

AlkaneNamespace is the namespace of the class, PermissiveXFrameHeaderModule is the name of the class and AlkaneSolutions is the name of the assembly in the GAC. To get the version/PublicKeyToken information you can follow the post here.